Github Dependabot recommending Gemfile.lock PLATFORMS change from ruby to x86_64-linux. Nokogiri 1.13.1 -> 1.13.9

Question

# Gemfile.lock
- nokogiri (1.13.1)
-   mini_portile2 (~> 2.7.0)
+ nokogiri (1.13.9-x86_64-linux)

...

PLATFORMS
-  ruby
+  x86_64-linux

Hello! Dependabot is recommending a gem bump Nokogiri 1.13.1 -> 1.13.9 with the above diff.

However I cannot figure out why dependabot is recommending the bump to x86_64 as opposed only 1.13.9, which appears to be an appropriate tag. https://rubygems.org/gems/nokogiri/versions/1.13.9

Additionally, I don't understand why PLATFORMS would require the above change. Shouldn't the platform be specified on the specific nokogiri line if necessary at all? I am relatively new to the rails repository in question, what can I look for to help my understanding as to why dependabot is recommending this particular version bump? I don't see anything in the https://github.com/sparklemotion/nokogiri/releases which looks relevant so I suspect the repository configuration is to blame.

Before I posted I looked at

• Platforms added to Gemfile.lock
• how to prevent bundler from adding platform info to Gemfile.lock.

Unfortunately, I did not draw any conclusions from reading these similar issues. Any insight would be appreciated.

Answer 1

nokogiri is published in multiple versions with prebuilt native extension for corresponding platforms, this allows installation on machines (or containers etc) where compilation is not desirable or not possible.

You can add used platforms to your lockfile via

# usually production is x86 linux:
bundle lock --add-platform x86_64-linux

# for M1/M2 macs:
bundle lock --add-platform arm64-darwin